Terraform module to authorize and associate a list of Route 53 private hosted zones with a list of VPCs (`vpc_ids`) in another AWS account.
This is one way to manage hosted-zone-to-VPC associations when the VPCs are in a different AWS account.
```hcl
provider "aws" {
  alias = "foo"
}

provider "aws" {
  alias = "bar"
}

module "handshake" {
  source = "github.com/outthought/aws_route53_zone_association_handshake"

  providers = {
    aws.zone_provider = aws.foo
    aws.vpc_provider  = aws.bar
  }

  zone_ids = ["Z050507915RZVESV2YHGJ"]
  vpc_ids  = ["vpc-0cac04ffc6e165683"]
}
```
- Two AWS accounts. One with the hosted zones, and the other with the VPCs.
- At least one VPC in each account.
- The VPCs listed in the `vpc_ids` variable must all be in the same region. To associate across regions, call the module multiple times with providers for different regions.
- A way to assume a role in both providers from the credentials used to run Terraform.
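The cross-region and assume-role requirements above, combined in one configuration. This is an added example, not part of the module's own documentation: the account IDs, role names, regions and the second VPC ID are placeholders. It assumes the zone-side provider should be configured for the same region as the VPCs, because the AWS provider's `aws_route53_vpc_association_authorization` resource defaults `vpc_region` to the provider's region.

```hcl
# Added example: placeholders throughout, replace with your own values.
# Each role should be scoped to the Route 53 association actions only.

# Zone-owning account (placeholder 111111111111), one provider per VPC region.
provider "aws" {
  alias  = "zone_use1"
  region = "us-east-1"
  assume_role {
    role_arn = "arn:aws:iam::111111111111:role/example-zone-authorizer" # hypothetical role
  }
}
provider "aws" {
  alias  = "zone_euw1"
  region = "eu-west-1"
  assume_role {
    role_arn = "arn:aws:iam::111111111111:role/example-zone-authorizer" # hypothetical role
  }
}

# VPC-owning account (placeholder 222222222222), one provider per VPC region.
provider "aws" {
  alias  = "vpc_use1"
  region = "us-east-1"
  assume_role {
    role_arn = "arn:aws:iam::222222222222:role/example-vpc-associator" # hypothetical role
  }
}
provider "aws" {
  alias  = "vpc_euw1"
  region = "eu-west-1"
  assume_role {
    role_arn = "arn:aws:iam::222222222222:role/example-vpc-associator" # hypothetical role
  }
}

# One module call per region; every ID in vpc_ids lives in that region.
module "handshake_use1" {
  source    = "github.com/outthought/aws_route53_zone_association_handshake"
  providers = { aws.zone_provider = aws.zone_use1, aws.vpc_provider = aws.vpc_use1 }
  zone_ids  = ["Z050507915RZVESV2YHGJ"]
  vpc_ids   = ["vpc-0cac04ffc6e165683"]
}
module "handshake_euw1" {
  source    = "github.com/outthought/aws_route53_zone_association_handshake"
  providers = { aws.zone_provider = aws.zone_euw1, aws.vpc_provider = aws.vpc_euw1 }
  zone_ids  = ["Z050507915RZVESV2YHGJ"]
  vpc_ids   = ["vpc-EXAMPLE-EU-WEST-1"] # placeholder VPC ID
}
```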
The following error is a timing issue between the authorization and the association:

```
Error: error associating Route 53 Hosted Zone (Z050507915RZVESV2YHGJ) to EC2 VPC (vpc-0cac04ffc6e165683): AccessDenied
```